You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
Report
Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
Strength of cryptographic algorithms depends on a sufficient key size to be robust against brute-force attacks. A theoretically sound encryption scheme with an insufficient key size can still be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing
Result(s)
Provide at least one useful result found by your query, on some revision of a real project.
CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
Report
Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
Strength of cryptographic algorithms depends on a sufficient key size to be robust against brute-force attacks. A theoretically sound encryption scheme with an insufficient key size can still be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
This type of issues is categorized as CWE-326: Inadequate Encryption Strength.
The relevant query finds uses of strong encryption algorithms (AES, DSA, RSA, and EC) with too small a key size.
Relevant PR - #4926
Result(s)
Provide at least one useful result found by your query, on some revision of a real project.